Collecting Cybersecurity Intelligence Course

This course teaches how to design and implement a system of cybersecurity intelligence collection and analysis and collect data from network-based and host-based intelligence sources.

44 minutes

Course description

Even with the most thorough testing of a security infrastructure, at some point there will be problems. You may be able to stop them as they occur and before they cause any damage, or you may have to deal with investigation of an incident that you were unable to stop. At all times, having good security intelligence will help you keep your systems secure or make them secure again.


Collect Data from Host-Based Intelligence Sources

Video - 00:11:00

Server and workstation logs can also provide intelligence that can be used to identify TTPs and IOCs.
Collect Data from Network-Based Intelligence Sources

Video - 00:11:00

Switches, routers and other network device logs and traffic analysis can identify threats and intrusions.
Deploy a Security Intelligence Collection and Analysis Platform

Video - 00:22:00

Most systems collect information in log files that can be used to identify unusual, suspicious or malicious activity. Developing an automated system, such as an IDS, IPS or SIEM to analyze this information is a critical step in intelligence gathering.

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments

Associated NICE Work Roles

All Infosec training maps directly to the NICE Workforce Framework for Cybersecurity to guide you from beginner to expert across 52 Work Roles.

  • All-Source Analyst
  • Mission Assessment Specialist
  • Exploitation Analyst

Plans & pricing

Infosec Skills Personal

$299 / year

  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Learn about scholarships and financing with

Affirm logo

Award-winning training you can trust